Vulnerability — CVE-2014-4113

CVE-2014-4113

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2014-4113
Description:: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
Last updated date:: 12/20/2024

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 10/14/2014
Reference url to background: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-058

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 05/04/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/26/2019
Reference url to background: http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-a-windows-kernel-mode-vulnerability-cve-2014-4113/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/21/2021
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ms14_058_track_popup_menu.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/02/2024
Reference url to background: http://packetstormsecurity.com/files/131964/Windows-8.0-8.1-x64-TrackPopupMenu-Privilege-Escalation.html